US11671455B2ActiveUtilityA1

Ethernet communications device and method for operating an ethernet communications device

50
Assignee: NXP BVPriority: Sep 18, 2019Filed: Sep 18, 2019Granted: Jun 6, 2023
Est. expirySep 18, 2039(~13.2 yrs left)· nominal 20-yr term from priority
H04L 69/22H04L 69/321H04L 63/162H04L 63/20H04L 69/323H04L 63/105H04L 69/40H04L 63/10
50
PatentIndex Score
0
Cited by
4
References
20
Claims

Abstract

Embodiments of a device and method are disclosed. In an embodiment, an Ethernet communications device includes a physical layer (PHY) unit or a media access control (MAC) unit configured to perform media access control for the Ethernet communications device. The Ethernet communications device includes a security unit configured to manipulate a data stream in a data path within the Ethernet communications device when the data stream violates or conforms to a pre-defined policy.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. An Ethernet communications device comprising:
 a physical layer (PHY) unit; or 
 a media access control (MAC) unit configured to perform media access control for the Ethernet communications device; 
 wherein the Ethernet communications device comprises a security unit configured to: 
 extract frame header information from a data stream in a data path within the Ethernet communications device; 
 determine whether the data stream violates or conforms to a pre-defined policy determining whether the frame header information violates or conforms to the pre-defined policy; and 
 output a modified data stream by altering the data stream in the data path within the Ethernet communications device based on whether the data stream violates or conforms to the pre-defined policy; 
 wherein altering the data stream in the data path includes:
 altering a virtual local-area-network identifier (VLAN ID) in the frame header information; or 
 altering cyclic redundant checksum (CRC) information in the data stream. 
 
 
     
     
       2. The Ethernet communications device of  claim 1 , wherein the Ethernet communications device communicates via a shared media. 
     
     
       3. The Ethernet communications device of  claim 1 , wherein the security unit is further configured to interrupt transmission of the data stream when the data stream violates or conforms to the pre-defined policy. 
     
     
       4. The Ethernet communications device of  claim 1 , wherein the security unit is further configured to modify the data stream when the data stream violates or conforms to the pre-defined policy. 
     
     
       5. The Ethernet communications device of  claim 1 , wherein the security unit is further configured to receive the pre-defined policy from a media-independent interface (MII) or a secured control channel. 
     
     
       6. The Ethernet communications device of  claim 1 , wherein the security unit is a component of the PHY unit. 
     
     
       7. The Ethernet communications device of  claim 1 , wherein the security unit is a component of the MAC unit. 
     
     
       8. The Ethernet communications device of  claim 1 , wherein the security unit is a component of a media-independent interface (MII) or a reconciliation sublayer between the PHY unit and the MAC unit. 
     
     
       9. The Ethernet communications device of  claim 1 , wherein the data stream is altered by altering VLAN ID in the frame header information. 
     
     
       10. The Ethernet communications device of  claim 1 , wherein the data stream is altered by altering the CRC information in the data stream. 
     
     
       11. A method of operating an Ethernet communications device, the method comprising:
 determining whether or not a data stream in a data path within the Ethernet communications device violates or conforms to a pre-defined policy; 
 outputting a modified data stream by altering the data stream based on whether the data stream violates or conforms to the pre-defined policy; and 
 transmitting the modified data stream to one or more other communications devices instead of the data stream; 
 wherein determining whether or not the data stream violates or conforms to the pre-defined policy comprises extracting frame header information from data stream and comparing the frame header information with the pre-defined policy, and wherein altering the data stream when the data stream violates or conforms to the pre-defined policy comprises altering the data stream when the frame information violates or conforms to the pre-defined policy; and 
 wherein altering the data stream in the data path includes:
 altering a virtual local-area-network identifier (VLAN ID) in the frame header information; or 
 altering cyclic redundant checksum (CRC) information in the data stream. 
 
 
     
     
       12. The method of  claim 11 , wherein the Ethernet communications device communicates via a shared media. 
     
     
       13. The method of  claim 11 , wherein the frame header information comprises at least one of a source address, a destination address, port information and frame priority information. 
     
     
       14. The method of  claim 11 , wherein altering the data stream when the data stream violates or conforms to the pre-defined policy comprises interrupting transmission of the data stream when the data stream violates or conforms to the pre-defined policy. 
     
     
       15. The method of  claim 11 , wherein altering the data stream when the data stream violates or conforms to the pre-defined policy comprises modifying the data stream when the data stream violates or conforms to the pre-defined policy. 
     
     
       16. The method of  claim 11 , wherein the data stream is altered by altering the VLAN ID in the frame header information. 
     
     
       17. The method of  claim 11 , wherein the data stream is altered by altering the CRC information in the data stream. 
     
     
       18. A communications network comprising:
 a shared communication medium; and 
 a plurality of Ethernet communications devices configured to communicate via the shared communication medium, wherein each of the Ethernet communications devices comprising: 
 a physical layer (PHY) unit; or 
 a media access control (MAC) unit configured to perform media access control for the Ethernet communications device, 
 wherein each of the Ethernet communications devices comprises a security unit configured to: 
 extract frame header information from a data stream in a data path within the Ethernet communications device;
 determine whether the data stream violates or conforms to a pre-defined policy by determining whether the frame header information violates or conforms to the pre-defined policy; 
 output a modified data stream by altering the data stream based on whether the data stream violates or conforms to the pre-defined policy; and 
 transmit the modified data stream to one or more of the plurality of Ethernet communications device in place of the data stream; 
 
 wherein altering the data stream in the data path includes:
 altering a virtual local-area-network identifier (VLAN ID) in the frame header information; or 
 altering cyclic redundant checksum (CRC) information in the data stream. 
 
 
     
     
       19. The communications network of  claim 18 , wherein the data stream is altered by altering VLAN ID in the frame header information. 
     
     
       20. The communications network of  claim 18 , wherein the data stream is altered by altering the CRC) information in the data stream.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.